On Sun, 2014-05-25 at 11:37 +0800, anc...@gmail.com wrote: > Thank you for your info. > > I do apt to conclude this as a "false positive", but clamav-0.98.1 does not > yield "high threat" warnings under the same scan conditions :
And you back-rev'd and installed 0.98.1 and rescanned. I'm wondering if the scanner updated its rules or signatures or plugin used to detect. Sometimes they get a bit overzealous in changes and step over the line... especially with CVSS of 7 or higher. It is worth looking to to figure out when the plugin was updated. > > NVT: SMTP antivirus scanner DoS > > OID: 1.3.6.1.4.1.25623.1.0.11036 > > Threat: Log (CVSS: 7.2) > > Port: smtp (25/tcp) > > submission (587/tcp) > > > > For some reason, we could not send the 42.zip file to this MTA > > > > Vulnerability Detection Method: > > Details: > > SMTP antivirus scanner DoS > > (OID: 1.3.6.1.4.1.25623.1.0.11036) > > I wish some expert can account for this difference before the "false > positive" conclusion. > -- greg folkert - systems administration and support web: donor.com email: g...@donor.com phone: 877-751-3300 x416 direct: 616-328-6449 (direct dial and fax) "There is always the need to carry on." -- Marjory Stoneman Douglas _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml